What is CVE-2025-11538?

CVE-2025-11538 is a medium-severity vulnerability in Keycloak, classified under CWE-1327. CVSS score: 6.8/10. Published 2025-11-13.

How severe is CVE-2025-11538?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Keycloak

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to…

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Keycloak — versions 0
Red Hat Build Of Keycloak 26.4 — versions 26.4.4-1, 26.4-3
Red Hat Build Of Keycloak 26.4.4

Weakness classification (CWE)

CWE-1327

References

RHSA-2025:21370 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:21371 (vendor-advisory, x_refsource_REDHAT)
access.redhat.com/security/cve/CVE-2025-11538 (vdb-entry, x_refsource_REDHAT)
RHBZ#2402622 (issue-tracking, x_refsource_REDHAT)
github.com/keycloak/keycloak/commit/9e98f2bf961f68853cea6fbec58b512ed8be7ca9
github.com/keycloak/keycloak/pull/43574

Frequently asked questions

What is CVE-2025-11538?: CVE-2025-11538 is a medium-severity vulnerability in Keycloak, classified under CWE-1327. CVSS score: 6.8/10. Published 2025-11-13.
How severe is CVE-2025-11538?: Medium severity. CVSS v3 base score is 6.8 out of 10.